
Jira No | Summary | Description | Status | Solution

Sync meeting with Requirements Subcommittee

We had a meeting on May 11th where we presented the SECCOM non-functional requirements for the Guilin release (wiki page: SECCOM Non functional requirements for Guilin).

We were asked to fill in our non-functional requirements on that wiki page. Jira Epics are to be started for each project. The deadline is 27th of May.

Solution: wiki to be updated by each requirement leader by 27th of May. Additionally, Jira requirement Epics will have to be created.

Status: Ongoing. Amy has already fulfilled the packages upgrade requirement.

AAF removal proposal

Following the discussions, the SECCOM team agreed on the following statement proposal:

AAF is the default security mechanism for ONAP; it should be possible to replace AAF with an alternative solution.

OOF is the only project that is using AAF SMS.

Status: Done - waiting for feedback from Taka. To be shared with Sylvain.

Taka to be contacted to check in what context AAF is used by APPC.


Guilin Integration non-functional requirements

Amy presented slides with Sylvain's proposal.

2 blockers identified:

  1. Exactly 1 main process per container - a waiver can be granted for projects with technical reasons for having more than 1 main process.
  2. All logs written to STDOUT.

Components may use HTTP, i.e. they must be able to run without HTTPS.

Applications come with hardcoded passwords, and when we try to replace them with something else, if that fails the application silently keeps using the default insecure passwords.

Many applications fail without any message: if you put a special character into the sed expression, sed does not fail but produces a result you would not expect, and the application configuration ends up broken.
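As an added example (not ONAP or OOM code; the placeholder, default password and function names are hypothetical), the POSIX shell snippet below reproduces both failure modes just described: a sed-based substitution that silently yields a wrong config line when the secret contains the metacharacter `&`, a literal replacement that does not, and a fail-closed check that refuses to start when the placeholder or the baked-in default is still in the rendered line.

```shell
#!/bin/sh
# Added example, not ONAP/OOM code. Demonstrates why sed-based templating of
# secrets silently breaks on special characters, and how an entrypoint can
# fail closed instead of falling back to a hardcoded default password.
set -eu

PLACEHOLDER='__DB_PASSWORD__'      # hypothetical placeholder in a config template
DEFAULT_PASSWORD='changeme'        # hypothetical baked-in default (the anti-pattern)

# The common pattern: splice the secret into a sed replacement. In the RHS of
# s///, '&' expands to the matched text and '\' starts an escape, so the
# command succeeds but writes the wrong value. Returns the rendered line.
render_with_sed() {
    # $1 = template line, $2 = secret value
    printf '%s\n' "$1" | sed "s/$PLACEHOLDER/$2/"
}

# Literal replacement: awk's index()/substr() never interpret the value. The
# value is passed through ENVIRON rather than awk -v, because -v processes
# backslash escapes and would mangle a secret such as 'x\y'.
render_literal() {
    # $1 = template line, $2 = secret value
    printf '%s\n' "$1" | SECRET_VALUE="$2" PH="$PLACEHOLDER" awk '
    {
        ph = ENVIRON["PH"]; val = ENVIRON["SECRET_VALUE"]
        out = ""; rest = $0
        while ((n = index(rest, ph)) > 0) {
            out = out substr(rest, 1, n - 1) val
            rest = substr(rest, n + length(ph))
        }
        print out rest
    }'
}

# Fail closed: return 1 (refuse to start) if the secret was never injected
# (placeholder still present) or the line still carries the default password.
check_rendered() {
    case "$1" in
        *"$PLACEHOLDER"*|*"=$DEFAULT_PASSWORD") return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed demo input: a secret containing a sed metacharacter.
TEMPLATE='password=__DB_PASSWORD__'
SECRET='pa&ss.word'

printf 'sed    : %s\n' "$(render_with_sed "$TEMPLATE" "$SECRET")"
printf 'literal: %s\n' "$(render_literal "$TEMPLATE" "$SECRET")"

rendered=$(render_literal "$TEMPLATE" "$SECRET")
if check_rendered "$rendered"; then
    printf 'startup check passed\n'
else
    printf 'refusing to start: secret not injected or default in use\n' >&2
fi
if check_rendered "password=$DEFAULT_PASSWORD"; then
    printf 'BUG: default password accepted\n' >&2
else
    printf 'default password detected, would refuse to start\n'
fi
```

The sed line prints `password=pa__DB_PASSWORD__ss.word` with exit status 0, which is exactly the silent breakage the minutes describe; the literal path prints `password=pa&ss.word`. A secret containing `/` is the one case where sed does complain, because it terminates the expression early.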

We ask PTLs to update their code to comply with these requirements. If the TSC assigns lower priority to some of them, we may not be able to enforce them on existing code (we may try to achieve this gradually), but any new code should comply with the requirements listed here.

Nginx ingress is already part of the deployment.

20_05_19_GuilinIntegrationNonfunctionalRequirementsV2.pptx




IAM requirement

Status: waiting for Fabian's feedback.

1) SECCOM-136

Current text: ONAP MUST support the creation of multiple unique IDs so that individual accountability can be supported.

From our point of view it must read: ONAP MUST support the creation of multiple unique IDs so that individual accountability is supported.

2) Due to the lack of any requirement around traceability, a new requirement is proposed:

ONAP MUST associate each action with a responsible user and log it so that it can be exported to an external component (e.g. Syslog, SIEM/SOC, etc.).


Jira tickets (ONAP JIRA): SECCOM-136, SECCOM-172 - to be reviewed by Fabian.


Logging proposal at the last PTL call

Christophe provided a proposal on logging.

The action plan is more short term and definitely a path forward.




AAF status

Not clear if we have a new PTL - John Franey. The new committers (Pawel, John and Gerard) were only temporary, for the Frankfurt release. To be checked with John or Pawel B.

Content for Jiras for CII Badging

Conversation planned at the Security documentation meeting next week.

OOM requirements for Guilin - follow-up discussion with Sylvain

AAF is optional - this was the intention. Bell Canada does not want to have AAF integrated in their setup. Based on Sylvain's point of view, it should be possible to disable RBAC and HTTPS.

Consultation on the AAF approach with the Architecture Subcommittee was not done, and we think it should be.

Why does Bell Canada not address their need with the TSC?

We agreed we need requirements consistent with the OOM team's, although the ability to turn off security is a bit odd for SECCOM.

We still do not know if AAF has a new PTL.

We should have documentation on how to deploy certificates with AAF Certman and without it.

The service mesh POC should answer some questions.

AAF integration effort to be checked with PTLs.

We should have an LoE estimation for those few projects on service mesh integration.

Communication matrix

It is still valid for external communication. How to get this information automatically - OOM to be consulted.

To check with Sylvain if we can retrieve information valid for us. For DCAE, the external communication part is already done.

Other external communication types to be identified.



Our next SECCOM meeting call will be held on 26th of May '20.



Attachments:

  • 2020-05-19_SECCOM_week.mp4
  • 2020-05-19 ONAP Security Meeting - AgendaAndMinutes.pptx